I am a dissident truth journalist and activist. I have also worked extremely high-security jobs in the past, but not now.
I strongly suspect that I am under an investigation of some type and that my device is being directly compromised. Here are my observations in chronological order in case this can help anyone.

  • 1 install of GrapheneOS on a P6a for over a year.

  • Used Auditor on an Android 8 phone to attest first use before the network was connected or a SIM inserted. (This worked until very recently; on my last reinstall today, Auditor now errors and says the version is too old on my 8.)

  • I had 6-digit PINs and 1 biometric per profile. USB-C enabled when unlocked to use wired headphones. (health)

  • I turn off almost everything: vibration, turn-and-press to wake, and animations.

  • Upon leaving my phone in a friend's car inside a Faraday bag (for health), it turns up 3 days later. This phone was for sure reset and at rest in this bag. However, this was before the heat firmware bug was patched.

  • When I get the phone back, I notice that it prompts for PIN instead of fingerprint. No updates or changes. A swipe is required to get to the fingerprint prompt. Tried everything in forums but could not fix this behavior.

  • Upon certain updates, the PIN issue gets fixed but eventually reverts after a period of time I cannot remember.

  • I notice another odd behavior: at certain times when I press the wake button the screen does not turn on. Even after hitting the button twice, there is occasionally a considerable amount of lag before I can access the lock screen.

  • Another new behavior, noticed some time later: only when I press the sleep button or when the screen times out, and only when I have Molly on the screen, the screen turns off, then flashes on for a split second before turning off for good again. This is persistent across reboots and seemed to happen almost 100% of the time.

  • Finally, Molly starts to quit and crash. I say it's time for a reinstall anyway.

  • Upon a recent reinstall, none of the above behaviors occurred for a couple of days, even after loading all previous software and signing into everything again.
    I decide to only use PIN, no fingerprint, for my own Owner profile; not much security change. Still have fingerprint to unlock.

  • After leaving my recently installed and working phone unattended (again, for health, RFs) at a public place of work, and only chatting on Molly, I come back and the same 2 behaviors returned: the PIN prompt bug and the delayed wake bug. (My phone is in 10/10 condition and has been cased its entire life. I suspected the button itself, but after having this bug for a while, the button is in great condition and is for sure being pressed fully.)

Since I had just made new PINs and keys, I hide my login from cameras, and at the time I was not really doing anything that should trigger a remote compromise, I think that my phone is being professionally compromised in person while unattended, or it's some really strange bugs.

I very recently installed again, and now it's back to working 100%.
I am going to try no fingerprint unlock this time, or maybe also just remember to put it at rest when unattended.

I know the feds have my prints, which I gave for security jobs, and it may also be easy in some settings to obtain a print, digitize it, and get a proxy print if it's not the feds. If it's not caused by extremely strange bugs, the lesson from this is:

If you think you might have a higher threat matrix, do NOT use just a fingerprint to unlock when unattended. I deleted just the one biometric-unlockable profile and tried to restore a new one from backup. The second time. This did not work; the bugs remained the same on the new profile. A reinstall was required to fix it again.

The 2FA login prompt also will likely patch this.

I am not that worried about it personally, but I thought I would share this unique user story as soon as I got my phone back to 100% working correctly a second time.

Thanks devs and everyone for keeping the hope of computer and digital freedom alive.

    I think all behaviors you describe are entirely normal. For example the phone does reboot itself if left unattended, to clear RAM and bring device back into fully locked mode, because it assumes it has been stolen. Also, having to swipe to get to fingerprint unlock is common.

    If someone modified the phone, you wouldn't notice any behavior changes at all, especially not those kinds. It would be stealthy.

    If you suspect compromise, hold power button for more than 30 seconds until the phone reboots. This is to ensure the device was really powered off at the hardware level. Hold power button and volume down, so you enter fastboot screen. Use volume keys and power to select recovery. Once loaded, press power button and volume up to bring up menu. Select factory default and perform it. This is secure factory default. Once done, pause at the bootloader screen. Verify the hash printed on the screen is exactly the right one for your device, see GrapheneOS installation instructions for the right value. At this point you know the phone is no longer compromised at a software level. But you will lose all your data.

    Of course it is possible the phone is compromised by having had hardware modified. That is, the attacker has physically opened up your phone.

    Freedomain

    I would like to suggest a few things. Use a duress PIN (https://grapheneos.org/features#duress) so you can wipe your phone by typing the PIN that you set during setup.
    Don't use a 6-digit PIN; 6-digit PINs can easily be brute forced. Instead of using a PIN, use a password with more than 10 characters.
    Always take your phone with you; power off your phone and put it in a Faraday bag, and don't leave the Faraday bag. If you leave your phone in a car, the phone can easily be physically accessed, as @ryrona said.

      TRoy Don't use a 6-digit PIN; 6-digit PINs can easily be brute forced. Instead of using a PIN, use a password with more than 10 characters.

      https://discuss.grapheneos.org/d/13155-grapheneos-version-2024053100-released/48

      Brute force attacks are always prevented by the secure element's throttling if you have at least a random 6 digit PIN.

      https://discuss.grapheneos.org/d/12848-claims-made-by-forensics-companies-their-capabilities-and-how-grapheneos-fares/139

      There's no indication that any of these companies can currently bypass the Titan M2 brute force protection provided through the Weaver feature. That means it quickly ramps up to 1 attempt per 24 hours after 140 failed attempts which makes a random 6 digit PIN secure.

        There is a very small broken notch on the left side of the screen bezel, right at the very top of where the volume buttons are but on the left side. Also, I can tell there are very small marks and scratches around the corners and the edge of the screen that shouldn't really be there because it has been cased. Otherwise the case looks very clean; it's hard to tell if it's been opened. Would there be a way to confirm a hardware mod or whether the screen was opened? Feeling around the edge and corners does result in feeling these.

        When reinstalling both times, Aegis acted very glitchy: the app would just flash for a short moment then disappear to the home screen when you clicked it, and I had to reset it several times for it to stop blanking the screen when trying to enter 2FA codes.

        I guess the lesson might be: don't leave your Pixel unattended, and if you do, look really hard around the screen.

        Dumdum 💀

        "I am a dissident truth journalist and activist. I have also worked extremely high-security jobs in the past, but not now.
        I strongly suspect that I am under an investigation of some type and that my device is being directly compromised."

        I don't know his full current version, but let's be honest, here we are not talking about simple cops...

        Btw, if you want to quote something, quote the entire message and not only the part you want.
        https://discuss.grapheneos.org/d/13155-grapheneos-version-2024053100-released/48

        This throttling is implemented by the secure element and therefore cannot be bypassed by restoring OS data on the SSD or exploiting the OS, unlike an OS-based counter for unlock attempts. Bypassing this requires a secure element exploit, which is astoundingly more difficult than an OS exploit to the point that Cellebrite has not figured it out for the Titan M2 (Pixel 6 and later) yet even with an older version. They did figure it out for the Pixel 2 NXP secure element and Titan M1 (Pixel 3 through Pixel 5a). They bypassed it on Samsung phones and Apple's comparable feature up until the iPhone 12 too. They'll likely bypass it on newer Pixels and iPhones eventually. If you want to prevent brute force even if an attacker exploits the secure element, you need a strong passphrase, which we'll be making more usable without resorting to fingerprint-only secondary unlock via 2-factor fingerprint unlock support where you can add a PIN to it.
        Duress PIN/password is an OS feature without secure element support. An attacker successfully exploiting the OS can try the duress PIN/password without risking a wipe since they can control the OS. In theory, the secure element could implement duress PIN/password support by having a 2nd authentication token for each Weaver slot which wipes the Weaver token instead of providing it. There's no way for GrapheneOS to implement this without having our own hardware where we can add secure element features. We can explicitly document this in the future usage guide section.

        I suggested setting up a duress PIN in case he has a confidential document that he doesn't want anyone to have in their possession, allowing the user to wipe the entire device in case of a threat.

        https://discuss.grapheneos.org/d/12848-claims-made-by-forensics-companies-their-capabilities-and-how-grapheneos-fares/139

        There's no indication that any of these companies can currently bypass the Titan M2 brute force protection provided through the Weaver feature. That means it quickly ramps up to 1 attempt per 24 hours after 140 failed attempts which makes a random 6 digit PIN secure.

        As I said before, I think we are not talking about normal cops... Regarding companies, there are still no exploits to bypass the Titan M2 brute force protection, but if you want to talk about government agencies, we still don't know whether they can or not, because they don't release public documents.